Improving Network Security Change Management Using RedSeal



Similar documents
Enabling Continuous PCI DSS Compliance. Achieving Consistent PCI Requirement 1 Adherence Using RedSeal

Leveraging Network and Vulnerability metrics Using RedSeal

Optimizing Network Vulnerability

Vulnerability Risk Management 2.0. Best Practices for Managing Risk in the New Digital War

What a Vulnerability Assessment Scanner Can t Tell You. Leveraging Network Context to Prioritize Remediation Efforts and Identify Options

Actionable Security Intelligence: Preparing for the Next Threat with a Proactive Strategy

Achieving Control: The Four Critical Success Factors of Change Management. Technology Concepts & Business Considerations

CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT

IBM Security Intelligence Strategy

Continuous Network Monitoring

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

Maintaining PCI-DSS compliance. Daniele Bertolotti Antonio Ricci

Accenture Federal Services. Federal Solutions for Asset Lifecycle Management

Total Protection for Compliance: Unified IT Policy Auditing

AD Management Survey: Reveals Security as Key Challenge

TOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE. ebook Series

The Emergence of Security Business Intelligence: Risk

Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA. Cyber: The Catalyst to Transform the Security Program

Cisco Security Optimization Service

PCI DSS Top 10 Reports March 2011

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

IBM Security QRadar Risk Manager

WHITEPAPER PROACTIVE SECURITY INTELLIGENCE RETURN ON INVESTMENT

Security solutions White paper. Acquire a global view of your organization s security state: the importance of security assessments.

How To Protect Your Network From Attack From A Network Security Threat

Proving Control of the Infrastructure

Web application security Executive brief Managing a growing threat: an executive s guide to Web application security.

2011 Forrester Research, Inc. Reproduction Prohibited

FIVE PRACTICAL STEPS

CONNECTING ACCESS GOVERNANCE AND PRIVILEGED ACCESS MANAGEMENT

Vulnerability Management

Attack Intelligence: Why It Matters

Application Security Testing as a Foundation for Secure DevOps

Leveraging a Maturity Model to Achieve Proactive Compliance

Technology Blueprint. Protect Your Servers. Guard the data and availability that enable business-critical communications

PCI DSS Reporting WHITEPAPER

IBM Security QRadar Risk Manager

Preemptive security solutions for healthcare

Virtualization Essentials

How to Define SIEM Strategy, Management and Success in the Enterprise

Real-Time Security for Active Directory

IBM Security QRadar Vulnerability Manager

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs

Adopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services.

Tufin Orchestration Suite

YOUR NETWORK SECURITY WITH PROACTIVE SECURITY INTELLIGENCE

CORE Security and GLBA

CORE Security and the Payment Card Industry Data Security Standard (PCI DSS)

SECURITY POLICY MANAGEMENT ACROSS THE NEXT GENERATION DATA CENTER

Real-Time Security Intelligence for Greater Visibility and Information-Asset Protection

IBM Rational AppScan: Application security and risk management

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

Be Prepared. For Anything. Cyber Security - Confronting Current & Future Threats The role of skilled professionals in maintaining cyber resilience

RSA Solution Brief. The RSA Solution for Cloud Security and Compliance

Strategies for assessing cloud security

The RSA Solution for. infrastructure security and compliance. A GRC foundation for VMware. Solution Brief

RSA envision. Platform. Real-time Actionable Security Information, Streamlined Incident Handling, Effective Security Measures. RSA Solution Brief

Best Practices for Building a Security Operations Center

IBM Security IBM Corporation IBM Corporation

case study Core Security Technologies Summary Introductory Overview ORGANIZATION: PROJECT NAME:

WHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION

SOLUTION BRIEF. Next Generation APT Defense for Healthcare

Securing business data. CNS White Paper. Cloud for Enterprise. Effective Management of Data Security

Risk Management Frameworks

Tivoli Security Information and Event Manager V1.0

SecureVue Product Brochure

SECURITY CONTROLS AND RISK MANAGEMENT FRAMEWORK

Cloud Infrastructure Security Management

Avoiding the Top 5 Vulnerability Management Mistakes

The Value of Vulnerability Management*

How To Protect Your Data From Attack

Extreme Networks Security Analytics G2 Vulnerability Manager

SOLUTION WHITE PAPER. Align Change and Incident Management with Business Priorities

Prevent cyber attacks. SEE. what you are missing. Netw rk Infrastructure Security Management

White Paper Achieving PCI Data Security Standard Compliance through Security Information Management. White Paper / PCI

The Changing IT Risk Landscape Understanding and managing existing and emerging risks

Symantec Global Intelligence Network 2.0 Architecture: Staying Ahead of the Evolving Threat Landscape

HP ENTERPRISE SECURITY. Protecting the Instant-On Enterprise

Reduce Your Breach Risk: File Integrity Monitoring for PCI Compliance and Data Security

Retail Security: Enabling Retail Business Innovation with Threat-Centric Security.

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

Best Practices for Auditing Changes in Active Directory WHITE PAPER

IBM SECURITY QRADAR INCIDENT FORENSICS

FIREMON SECURITY MANAGER

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"

The Convergence of IT Security and Compliance with a Software as a Service (SaaS) approach

Transcription:

SOLUTION BRIEF Mapping the Impact of Change on Today s Network Security Infrastructure Improving Network Security Change Management Using RedSeal november 2011 WHITE PAPER RedSeal Networks, Inc. 3965 Freedom Circle, Suite 800, Santa Clara, 95054 Tel (408) 641-2200 Toll Free (888) 845-8169 www.redsealnetworks.com

2 SOLUTION BRIEF Mapping the Impact of Change on Today s Network Security Infrastructure Contents Executive Summary 3 Network Change: The Target That Never Stops Moving 3 Limping Ahead: The Crippling Effect of Change on Network Security 4 Infrastructure Evolution: Automating Network Security Change 5 The Solution: RedSeal Proactive Security Intelligence 6 Conclusions 7

Mapping the Impact of Change on Today s Network Security Infrastructure SOLUTION BRIEF 3 Mapping the Impact of Change on Today s Network Security Infrastructure Improving Network Security Change Management Using RedSeal Executive Summary: This solution brief will address the requirement for enterprise organizations to enlist more effective and proactive measurement of the impact that proposed changes to network infrastructure will have on security defenses, to gain visibility into resulting gaps in protection before they can be compromised by attackers. In addition to outlining the immense challenges faced by organizations in maintaining necessary infrastructure defense in today s environment of constant network evolution, and citing limitations of traditional response methods, the paper will specifically detail the manner in which RedSeal s proactive security intelligence solutions address these highly critical issues. By leveraging automation to provide unprecedented visibility into the interaction of all network defenses deployed across the enterprise, RedSeal empowers organizations to move away from retroactive remediation of risks to adapt infrastructure protection before changes are actually enacted. Network Change: The Target That Never Stops Moving Today s network security infrastructure must adapt to near constant demands for change, driven by powerful catalysts including emerging business requirements, the proliferation of new devices, and the need to protect against more advanced attacks. From displacement of traditional network perimeters by the widespread adoption of mobile devices, to the increasing exposure of internal assets, effective management of network security and related policy compliance has never been more significantly challenged. According to Enterprise Management Associates 2010 report The Changing Role of Network Management Keeping Pace with the New Demands of Virtualization and Cloud, network security strategists must adopt new approaches and methods to accommodate accelerated rates of change, new topologies and relationships between connected virtualized environments. As a result, enterprises have found themselves in need of new methodologies that empower them to understand the specific impact that proposed network www.redsealnetworks.com

4 SOLUTION BRIEF Mapping the Impact of Change on Today s Network Security Infrastructure alterations will have on security infrastructure, and any risk remediation necessitated by those changes, prior to implementation. Security management also requires a more effective means of communicating the impact that changes will have on network security to clearly illustrate any risks resulting from proposed alterations to their CISOs and the line of business leaders who originally requested them. To address these significant challenges, enterprises have recognized the need to adopt more proactive, continuous monitoring of security infrastructure that provides in-depth visibility into the precise manner that changes impact their network security and policy compliance. By gaining the ability to measure the impact of change on their security posture across the entire network and trend that information over time, organizations can begin making more informed decisions that allow them to optimize responsive efforts and prevent defensive weaknesses, before they can be attacked. Limping Ahead: The Crippling Effect of Change on Network Security IT security and network management professionals have long struggled with the conflicting requirements of facilitating changing business demands on infrastructure while maintaining network security that protects their organization s most critical assets. In today s environment of rapid IT innovation, distributed business models and advanced threats, practitioners have been forced to recognize the shortcomings of traditional processes used to understand the impact of network changes, and plan subsequent remediation. As noted by Gartner analyst Neil MacDonald in his 2011 presentation Enable Business Growth: Improving Information Security Decisions, most, if not all information security models are at a breaking point, driven in large part by evolving business demands. In fact, the static and rigid nature of today s security infrastructure actually discourages change, MacDonald contends, while catalysts including device consumerization, cloud computing and distributed collaboration dictate that network defenses become contextual and adaptive to support emerging requirements and stop threats. According to Gartner s 2011 report Improve Security Risk Assessments in Change Management With Risk Questionnaires, traditional means of reconciling security infrastructure with evolving requirements are insufficient in that: The nature and complexity of requested changes typically varies greatly, but the risk attributed to each change rarely correlates with either factor. Existing security change management processes often rely on incomplete risk analysis, leading to ineffective response.

Mapping the Impact of Change on Today s Network Security Infrastructure SOLUTION BRIEF 5 Change requests themselves often contain misleading risk mitigation advice due to inconsistent impact assessment. Security practitioners are not well equipped to react to shifts in technology, business expectations and process ownership, as observed by Forrester Research Analyst Khalid Kark in the 2010 Computer Weekly news article IT Security Must Address Business Trends. While this evolution has advanced for years, Kark notes, network change has accelerated significantly. Driven by these conditions, today s enterprises clearly require new processes and solutions that provide full visibility into the true impact of change on security infrastructure, to identify and quickly resolve any resulting gaps in network security. Infrastructure Evolution: Automating Network Security Change Whenever a network change occurs, the potential exists to create real-world security exposures, some changes that don t appear to necessitate risk mitigation may unknowingly compromise defenses. Today, most organizations create security rules to address each approved change, but these rules are often narrow in scope and to few security factors are taken into consideration, resulting in unexpected risks and even policy breaches. To evolve network security change management to keep pace with today s rate of change, industry analysts recommend that organizations maintain continuous visibility into network design and all available access across their infrastructure. Eliminating the practice of retroactive response is one of today s critical security management challenges, Forrester s Kark is quoted as saying in the Computer Weekly Address Business Trends piece. To tackle the issue, advises Forrester, enterprises must implement methods to: Understand all the potential implications of every proposed change before implementation to assess all their risks and inform response. Develop the strategies, policies and solutions needed to address changing requirements, including automated network security assessment. Build security programs around the trending and management of new classes of change as they occur, while measuring performance of those initiatives to trend effectiveness. As noted in the 2010 TechTarget SearchSecurity.com article 5 Steps for Developing Strong Change Management Program Best Practices, management s primary challenge is to integrate itself into existing IT change management processes by accounting properly for all the systems and devices it encompasses. Getting involved in the decision-making process before changes are agreed upon is also becoming easier for security management as business leaders increasingly www.redsealnetworks.com

6 SOLUTION BRIEF Mapping the Impact of Change on Today s Network Security Infrastructure understand the risks that some proposed IT changes could introduce, the TechTarget story contends. By leveraging automated solutions that isolate unseen weaknesses in security resulting from network change, and clearly communicating that intelligence to management, today s practitioners can move beyond reactionary efforts to maintain protection post implementation into proactive mitigation of risks. RedSeal is the only solution that reports which vulnerabilities will become exposed by a proposed network change and the potential downstream impact of the change. This screen shot shows that over 120 vulnerabilities will be exposed if the proposed change is implemented. The Solution: RedSeal Proactive Security Intelligence RedSeal s proactive security intelligence solutions are the only products on the market today that allow management to measure the precise impact of network change on security infrastructure, and isolate any unintended access resulting from simple systems upgrades to major network expansion. After changes are made, RedSeal automatically reviews and analyzes any subsequent effect on network defenses to ensure necessary protection and policy compliance saving time and resources previously spent on reactive assessment and remediation. With RedSeal, instead of chasing issues created by change after the fact, risk mitigation can be planned ahead of implementation, improving efficiency and mitigating risk by allowing organizations to: Proactively view and examine all relevant rules and configurations that may present new points of exposure across the entire network. Clearly demonstrate resulting gaps in network defenses to IT management, line of business and other constituencies requesting proposed modifications.

Mapping the Impact of Change on Today s Network Security Infrastructure SOLUTION BRIEF 7 Continually auditing remediation to confirm its efficacy and prevent unexpected creation of additional risks, as well as maintain required policy compliance. Many regulations, including PCI DSS, also compel organizations to demonstrate that all changes affecting access to critical data receive full approval before implementation. RedSeal provides detailed justification reports and serves as an automated control that proves continuous application of PCI s change management control process requirements to third party compliance auditors. Using RedSeal, enterprises can isolate and trend detailed metrics that highlight their overall process efficiency in responding to network security change to drive improved protection, continuous compliance and optimal allocation of available resources toward the resolution of the most critical risks. RedSeal is the only solution to provide network security and vulnerability risk metrics, helping IT security organizations to understand the impact of daily IT changes. This screen shot shows the change over time of the number of vulnerable hosts that are directly exposed to the Internet. Conclusions: In today s world of relentless change, where new business drivers and disruptive technologies seemingly appear overnight, and attacks quite literally materialize without warning, network security must be adapted to address emerging demands on a constant basis. As noted in the 2011 Gartner report Network Security Monitoring Tools for Lean Forward Security Programs, a crucial element of enterprises network security change management capabilities will come from automated solutions that view of the effectiveness of all network security controls in aggregate and offer what-if analysis to understand the full implications of infrastructure evolution before it occurs. www.redsealnetworks.com

8 SOLUTION BRIEF Mapping the Impact of Change on Today s Network Security Infrastructure About RedSeal: RedSeal Networks develops proactive security intelligence software that enterprise organizations depend on to visualize the effectiveness of security infrastructure, maintain continuous policy compliance and protect their most critical business assets and data. Unlike systems that measure the impact of attacks after they transpire or address individual elements of network protection, RedSeal analyzes the cumulative ability of defenses to control access and mitigate vulnerability exposure across the entire enterprise, providing the critical metrics necessary to trend performance and isolates gaps before they can be discovered by hackers. For more information on RedSeal products please visit the company s web site at www.redsealnetworks.com or contact RedSeal representatives directly at (888) 845-8169.

Mapping the Impact of Change on Today s Network Security Infrastructure SOLUTION BRIEF 9 www.redsealnetworks.com

WHITE PAPER RedSeal Networks, Inc. 3965 Freedom Circle, Suite 800, Santa Clara, 95054 Tel (408) 641-2200 Toll Free (888) 845-8169 www.redsealnetworks.com Copyright 2011 RedSeal Networks, Inc. All rights reserved. RedSeal and the RedSeal logo are trademarks of RedSeal Networks, Inc.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information